A fascinating article in last weekend’s New York Times Magazine discusses the powerful statistical techniques that some companies are using to analyze sales and other data in order to gain insights into their customers’ behaviors and needs. The article raises a number of difficult consent and privacy issues.

The feature-length piece by Charles Duhigg uses the “predictive analytics” program developed by Target, America’s third-biggest retailer, as a case study to illustrate how companies are combining data from customer interactions with other information obtained from commercial databases to draw strikingly detailed portraits of individual customers.

By combining information on the kinds of goods an individual purchases from their stores over several visits with other information about that individual’s sociodemographic characteristics (such as age, ethnicity, and level of education) gleaned from public records databases, Target’s predictive analytics program can deduce whether an individual shopper possesses characteristics that make them particularly susceptible to the specific marketing efforts.

According to the article, the most important of these characteristics for large retailers is pregnancy, for this is (understandably) a period of upheaval during which the shopping habits of the expectant parent(s) are most likely to change. Women who have been identified by the predictive analytics program as likely to be pregnant are then sent relevant coupons and other marketing materials in an attempt to win their retail dollars. Target’s predictive analytics program has apparently become so good at correlating retail behavior with pregnancy that its booklets offering discounts on nursery items sometimes arrive in a customer’s mailbox before the mother-to-be has informed other members of her household of the pregnancy!

In principle, there is nothing wrong with Target or any other company using information collected from various sources to fine-tune their marketing efforts or save their customers money by sending them coupons or special offers that are particularly targeted to them. There are, however, a number of problems with how Target and other companies from a wide array of economic sectors are deploying their predictive analytics programs in practice.

The first problem is that most companies are not informing customers of their data collection, retention, and analysis policies – let alone obtaining their consent to the same. Until the publication of the New York Times Magazine article last weekend, the only way that a consumer would know about Target’s information collection and retention policies is by navigating to the company’s website and reviewing its privacy policy.

Some retailers have partially addressed the informed consent problem by having their customers sign up for loyalty cards which must be presented in order to obtain sale prices. The fine print on the loyalty card application provides an opportunity for the company to state that it is collecting customer information for a variety of purposes. While these loyalty card applications can provide the consumer with some disclosure about what is happening, these fine-print disclosures are far from perfect—given that few consumers take the time to read the dense legalese before sending in the application form. What is more, there is nothing to prevent retailers with a loyalty card scheme from collecting, retaining, and analyzing purchase data from customers who have not bothered to obtain a loyalty card. For this class of customers, the loyalty card application form fails as a mechanism to obtain their informed consent to these practices.

The second problem is that there are no clear policies around the uses a company may make of the information that it collects from its customers–including at the point-of-sale. To stick with the example of Target, its privacy policy states the following under the heading of "Sharing with Other Companies (for their marketing purposes)":

We may share information with vendors, business partners and other organizations which are not part of the Target family. These companies and organizations may use the information we share to provide special offers and opportunities to you.

Such a policy may be appropriate for a business which sells an innocuous product, such as lumber or stationery. It is, however, manifestly inappropriate for a retailer that sells products ranging from food to clothing to nonprescription drugs. If an individual’s purchases of these kinds of products can be used to determine whether she is pregnant, it is not difficult to see how a predictive analytics program could be used to determine whether a customer is overweight, diabetic, or sexually active – to name just three kinds of intimate details that can be revealed by the things we buy. Nor does it take a particularly fertile imagination to see how such information could be used by potential employers, insurance companies, and others in ways that no consumer would ever have dreamt about while waiting in the checkout line.

To be sure, there is nothing in the New York Times Magazine article to suggest that Target is selling or otherwise sharing product purchase information on an individual-by-individual basis with third companies. Even so, Target and other companies which are collecting data which may reveal the most intimate secrets of their customers must develop much more robust policies pertaining to the sharing of such data with third parties.

Blog Authors

Gwendolyn is co-chair of the firm’s International Business practice group and head of its Trade Sanctions and Export Controls practice. She is also a member of the firm’s Corporate Social Responsibility group...More